HomeGuidesChangelog
Changelog
Back to All

CLI 6.34.30

May 8th, 2026

Changed

  • Extended credential-redaction protections across third-party integration log output at all severity levels (Microsoft Defender, Okta, Wiz, Qualys, Prisma Cloud, Azure Intune, GitLab, Jira, SonarCloud, SentinelOne, Sicura, DuroSuite, Tenable, Axonius, CrowdStrike, and the GitLab and GitHub pipeline-compliance providers).
  • OpenTelemetry trace exporter now defaults to TLS. Deployments that previously relied on plaintext OTLP export must either point at a loopback collector (, , or ) or front the collector with TLS. Operators should monitor the application log for either WARNING (insecure=True against a non-loopback endpoint, exporter is disabled and spans are dropped) or WARNING (insecure=False against a plaintext http:// endpoint, gRPC TLS handshake fails and spans are dropped). Both modes drop spans silently with no exception raised.
  • Hidden the non-functional command group and its subcommands from output to avoid confusion. Use the group for eMASS workbook imports and legacy operations.
  • Documented the exact Microsoft Graph and Azure RBAC permissions required for the Azure (Intune) and Microsoft Defender (Defender for Endpoint, Defender for Cloud, and Entra ID evidence collection) integrations so administrators can grant least-privilege access to the corresponding Entra ID app registrations.
  • Pinned in the Airflow image build to clear CVE-2026-44307.

Added

  • FIPS 140-3 compliant Docker image variant published as (and ) for customers running in FedRAMP High or IL5 environments.